CWE-278Insecure Preserved Inherited Permissions

Description

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.

Common consequences

• Confidentiality,Integrity→Read Application Data,Modify Application Data

Potential mitigations

• Architecture and Design,Operation
  Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
• Architecture and Design
  [object Object]

Related CWEs

Recent CVEs classified under this CWE